oak-general-business/lib/utils/user.js

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.checkPassword = exports.maskPassword = exports.getUserSafetyFilter = void 0;
const types_1 = require("oak-domain/lib/types");
function getUserSafetyFilter(context) {
    const application = context.getApplication();
    const { config } = application.system;
    const { Security } = config || {};
    if (Security && ['strong', 'medium'].includes(Security.level)) {
        // 对于安全要求中高的系统，需要检查其验证密码时间
        const stamp = Date.now() - Security.passwordVerifyGap;
        return {
            $or: [
                {
                    verifyPasswordAt: {
                        $gte: stamp,
                    },
                },
                {
                    hasPassword: false,
                }
            ]
        };
    }
}
exports.getUserSafetyFilter = getUserSafetyFilter;
function maskPassword(password) {
    const encStr = "****************************************".slice(0, password.length - 2);
    return password[0] + encStr + password[password.length - 1];
}
exports.maskPassword = maskPassword;
async function checkPassword(context, password) {
    const systemId = context.getSystemId();
    const [passport] = await context.select('passport', {
        data: {
            id: 1,
            type: 1,
            config: 1,
            systemId: 1,
        },
        filter: {
            systemId,
            type: 'password',
        }
    }, { forUpdate: true });
    if (passport) {
        const config = passport.config;
        const pwdMin = config?.min ?? 8;
        const pwdMax = config?.max ?? 24;
        const needVerify = !!config?.verify;
        const regexs = (config?.regexs && config?.regexs.length > 0) ? config?.regexs : [];
        if (password.length < pwdMin) {
            throw new types_1.OakInputIllegalException('user', ['password'], 'error::password.lengthMin', 'oak-general-business', { min: pwdMin });
        }
        if (password.length > pwdMax) {
            throw new types_1.OakInputIllegalException('user', ['password'], 'error::password.lengthMax', 'oak-general-business', { max: pwdMax });
        }
        if (!!needVerify && regexs && regexs.length > 0) {
            for (const regex of regexs) {
                const pattern = new RegExp(regex);
                if (!pattern.test(password)) {
                    throw new types_1.OakInputIllegalException('user', ['password'], 'error::password.regex', 'oak-general-business');
                }
            }
        }
    }
}
exports.checkPassword = checkPassword;